Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

202 advisories

Loading
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ... High Unreviewed
CVE-2023-3288 was published Jul 9, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to... High Unreviewed
CVE-2024-24312 was published May 1, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to... High Unreviewed
CVE-2024-33383 was published Apr 30, 2024
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows... High Unreviewed
CVE-2024-28320 was published Apr 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS... High Unreviewed
CVE-2024-1107 was published Jun 27, 2024
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an... High Unreviewed
CVE-2021-36389 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through... High Unreviewed
CVE-2021-36388 was published May 24, 2022
An authorization bypass through user-controlled key vulnerability [CWE-639] in... High Unreviewed
CVE-2023-40720 was published May 14, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could... High Unreviewed
CVE-2024-4537 was published May 7, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could... High Unreviewed
CVE-2024-4538 was published May 7, 2024
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7.... High Unreviewed
CVE-2023-6317 was published Apr 9, 2024
Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows... High Unreviewed
CVE-2023-6523 was published Apr 5, 2024
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA... High Unreviewed
CVE-2022-24401 was published Oct 19, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2023-4934 was published Sep 27, 2023
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object... High Unreviewed
CVE-2023-4213 was published Sep 13, 2023
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to... High Unreviewed
CVE-2020-10130 was published Sep 6, 2023
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH... High Unreviewed
CVE-2023-28481 was published Aug 14, 2023
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a... High Unreviewed
CVE-2023-37543 was published Aug 10, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference... High Unreviewed
CVE-2023-38257 was published Jul 18, 2023
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass... High Unreviewed
CVE-2023-3525 was published Jul 12, 2023
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in... High Unreviewed
CVE-2023-3105 was published Jul 12, 2023
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24... High Unreviewed
CVE-2023-0985 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database